Understanding the rcascan option.

[lorien]

Hello all!
I have read multiple issues/discussions/docs and -h and --help output. Still do not get it. I have two questions:

1. What is the difference between these commands:
   a) hcxdumptool (no --rcascan option is provided)
   b) hcxdumptool --rcascan=active
   c) hcxdumptool --rcascan=passive

2. What is active and passive rcascan?

[ZerBea]

rcascan == Radio Channel Assignment Scan == scan for ACCESS POINTs (AP)

passive == do not transmit PROBEREQUESTs and count BEACONs only
get channel of an AP
get MAC of an AP
get ESSID of an AP
get information about AUTHENTICATION KEY MANAGEMENT

active == transmit PROBEREQUESTs, count PROBERESPONSEs and count BEACONs
get channel of an AP
get MAC of an AP
get ESSID of an AP
get information about AUTHENTICATION KEY MANAGEMENT
check if AP is in RANGE (retrieve PROBERESONSEs)
check if packet injection is working (retrieve PROBERESONSEs)

In both modes, neither APs nor CLIENTs are attacked and all frames (except PROBERESPONSEs and BEACONs) are ignored.